Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVE description is inaccurate/misleading as usual. Fix is here:
Tree is clean.
Upstream issue says this might lead to a "blacklist bypass", which would seem to be very low impact in an HTTP client. No GLSA, all done!